The API documentation for Create behavior events lists valid behavior event names and actions. While the platform accepts all these valid entries, only a specific subset of names are processed into behavior events. When processed, these events update scores and activity logs.
Below is a list of processed behavior event names. Note that there are no restrictions on event actions, as long as they appear in the API documentation list.
Event name |
ANTIVIRUS |
BEHAVIOUR_IQ |
BEHAVIOUR_TRACKER |
COMPLIANT_COMPUTER |
COMPLIANT_MOBILE |
COMPROMISED_CREDENTIALS |
COMPROMISED_PASSPHRASE |
COMPUTER_OS |
CONFIDENTIAL_DATA |
CONFIDENTIAL_DATA_FILE |
CREDENTIALS |
ENCRYPTED_DEVICE |
FIREWALL |
LEAKED_CREDENTIALS |
LEARNING |
LEARNING_REFRESH |
MALICIOUS_LINK |
MALWARE |
MFA |
MICROSOFT365 |
MOBILE_OS |
MSDEFENDER |
NON_ROOTED_MOBILE |
OLD_ACCOUNT |
PHISHING |
PHISHING_EMAIL |
PII |
PII_FILE |
REFRESHER_TEST |
UNCOMPROMISED_PASSPHRASE |
SECURITY_EXTENSION |
SECURITY_INCIDENT |
SECURITY_PROFESSIONAL |
SHARED_CREDENTIAL |
SSO |
STRONG_PASSPHRASE |
SUSPECTED_PHISHING_EMAIL |
THIRD_PARTY_APP |
UNAUTHORISED_DEVICE |
UNAUTHORISED_SITE |
WEAK_PASSPHRASE |